A computing device (such as a desktop, laptop or smartphone) can perform biometric user authentication in several steps. Initially, a user enrolls with the biometric user authentication system by binding their user credentials with the user's biometric template (a “fingerprint template” in specific implementations). The biometric template contains information related to the user's biometric characteristics (also referred to as “biometric information”) obtained from a biometric sensor that scans or reads the user's biometric characteristics, such as a fingerprint. A user identification process identifies a particular user among multiple enrolled users (e.g., multiple users enrolled with a particular device, system or biometric sensor). A user verification process verifies that the user who provides their biometric information is who they claim to be by comparing the user's biometric information with the biometric template obtained during enrollment of that user.
For some service providers, such as service providers relating to payment for goods or services, the enrollment process is usually critical. Often, regulations dictate what can and cannot be done during the payment process. The “Know-Your-Customer” (KYC) and “Anti-Money Laundering” (AML) rules require a strong verification of the identity of the person claiming to be the owner of an account, payment instruments, etc. This verification is typically performed by an “accredited facility” such as by a banking agency, by a telecommunications store, or by other means of “physically” verifying the documents provided by the person. Specifically, the identity of the person is matched (e.g., by a clerk) to an officially issued or recognized government document.
The steps taken to identify an individual can be bypassed or may even fail by clever “hatted” personalities. For example, someone may provide identification from a foreign country that a clerk cannot confirm with certainty the genuine nature of the document.
This process is typically possible at a government level by matching the identity of a person to data in an automated fingerprint identification system (AFIS) database. Performing this authentication on a consumer's computing device, however, is often much more challenging. This authentication may be performed on the consumer's computing device via a one-time enrollment to a service with the clerk verifying some documentation and maybe authorizing the provisioning of a payment instrument linked to the now locally created fingerprint template.
However, when a fingerprint template is created, it is typically stored only within that specific computing device. Thus, this step is usually performed only once. Users do not want to have to return to the facility in order to enroll and create a template on another device. Further, users do not want to carry all of their devices into the facility at the same time in order to enroll and validate the user on all of his or her devices. Additionally, users change devices on a regular basis, which heightens this problem further.